#VU88891 Out-of-bounds read in Linux kernel


Published: 2024-04-22

Vulnerability identifier: #VU88891

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52451

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions


External links
http://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c
http://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7
http://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e
http://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d
http://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0
http://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e
http://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc
http://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

